Lösch, R. (2021):
Towards Quantum-Resistant MACSec using EAP-TLS
In the last 40 years, quantum computing developed from an exclusively theoretical description of a quantum Turing machine to real-world implementations with various technologies and capabilities. Linking this development to digital computer's rapid development in the 20th century, a quantum computer with practical implications on industry and everyone's daily life seems within reachable bounds. There are many reasons to seek such a practical implementation. From algorithmic improvements to completely new technical possibilities like quantum teleportation, a quantum computer promises to solve certain tasks faster than possible with a classical digital computer. Besides the benefits such a computer could provide, it would also have a significant impact on cryptography. Modern cryptography protocols in general and especially the field of public-key cryptography relies on mathematical problems that are believed to be intractable. Famous examples of such algorithms are the RSA and the Diffie-Hellman (DH) key exchange protocol and its variant, Elliptic Curve Diffie-Hellman (ECDH). Today, nearly all encrypted messages in the modern Web are bootstrapped by either one of these protocols. A serious flaw in these cryptosystems would have a massive impact on the confidentiality of user data. This is where quantum computing comes into play. In 1999 Peter Shor published his famous algorithm, which uses a quantum computer to break both the RSA and the DH problem. Since Shor was able to show that both algorithms run in polynomial time, the foundation of modern cryptography is questioned. Luckily, even more than 20 years later, there is no implementation of a quantum computer available that could be used to break cryptographic keys of reasonable size. While this may not be true in the more distant future, an ever-growing effort was introduced to find alternative, quantum-safe cryptosystems for which no such attack exists. This work focuses on the adaptation and evaluation of such algorithms for IEEE 802.1X and IEEE 802.1AE. IEEE 802.1X focuses on the mutual authentication of clients in IEEE 802.1 Ethernet networks. For this purpose, asynchronous digital signature schemes are used that are directly affected by Shor's algorithm. Furthermore, 802.1X uses public-key cryptography and key exchanges to agree on a symmetric key between the clients and the connected network equipment. This work provides a design for a quantum-safe implementation of EAP-TLS, which can be used in IEEE 802.1X to mitigate attacks that involve a quantum computer. An extensive evaluation of the performance of different signature and key exchange algorithms is provided, and as a proof-of-concept, a real-world implementation is benchmarked with selected post-quantum and classical algorithms.